Enumerate all SQL Server instances and locate the ERRORLOG folder.
Create a log folder called ERRORLOG_ and copy all the ERRORLOG files into it.
Q. Do we need 32-bit SQL support or just assume all modern SQL Servers are 64-bit?

Change all LOGMAN commands to use chained logging. 200MB per file.
Do for BID, network, and auth.

If set, the start trace waits for Ctrl+C instead of termination. When Ctrl+C is pressed, run the stop trace method.

Please check correctness of TLS 1.2 Yes/No for "SQLOLEDB" and "SQL Server" (supplied/updated with the operating system).
According to https://support.microsoft.com/en-us/topic/october-20-2020-kb4580390-os-build-17763-1554-preview-ac4799c9-838f-8665-a968-0f19b6cb1049 these providers support TLS 1.1 and 1.2:
"Adds support for the Transport Layer Security (TLS) 1.1 and 1.2 protocols when connecting to SQL Server using the data providers in Microsoft Data Access Components (MDAC)"
Tested with these providers from Windows 10 21H2 19044.2604 against SQL Server 2016 with extended event session sqlsni.trace:
SNISecurity Handshake Handshake succeeded. Protocol: TLS1.2
SQLCheck reports TLS 1.2 No:
Name Type Version Supported TLS 1.2
SQLOLEDB OLE DB 10.0.19041.2604 Deprecated No
SQL Server ODBC 10.0.19041.2604 Deprecated No

I have been banging my head against the wall for hours trying to figure out why SSPI connections to MS SQL servers suddenly started to fail.

From a blind guess troubleshooting from a completely different direction I found out that the @@SERVERNAME property of the MS SQL server/services/instance was different than what was being contacted in the client.

Knowing this would have saved me a lot of pain and it's something I believe the tools should be able to figure out. At the very least SQLCHECK -- SSPICLIENT may be a different story.

If you need clarification please let me know.

The SETUP needs to set the BID registry if BID Tracing is enabled.
The START command needs to check this if BID Tracing is enabled.
Need a warning and a prompt to set them now and wait for user to restart service.
Setting and resetting the registry needs to be in their own methods.

When using chained netsh tracing the number of files collected can be quite large.
Need some kind of method to control the # of files retained. e.g. say the last 10 files etc.

For trace start.
Add a command-line parameter to accept an absolute or relative log folder name.
If the folder exists, check whether it's empty.
If not, prompt the user to delete the contents or use a datetimestamp-named folder.
Store the folder name in a system environment variable.

For trace stop, read the folder name from the system environment variable, if not supplied in the command-line.

Disable reporting.

it is strange that i start the sqlcheck.exe file in Windows terminal and do generate a log file. but got noting in it,what happened?

The CLASS keyword is only supported in PowerShell 5.0 and higher. PowerShell on older OSs do not support this.

Log NETSTAT at start and end of trace.

Since SQL Trace collects so many files, it may be beneficial to have the trace file zip everything at the end of the process so the customer can upload just that zip file. Before we had SQLTrace, I wrote out my own script with the following:

POWERSHELL -command "Compress-Archive -Path .\SQLTrace -DestinationPath .%computername%_SQLTrace.zip"

ECHO.
ECHO I have zipped the contents of this directory as %computername%_SQLTrace.zip, stored in the same directory you ran the batch file from.
ECHO Please upload this file to the DTM site provided by your support engineer.
ECHO I have also paused the batch file so you can review the command buffer.
ECHO.
PAUSE

Can we update SQLTrace to simplify the BIDProviderList and all an "all" option to capture every known driver, even those we don't have standalone options for?

Needs to flush for all sessions, as in the starttracedcap.cmd in the Networking Wiki page.
Also, flush the NBTSTAT, DNS, etc.
Do every trace, not just when auth is selected.

Validate that the alias server is correctly formed.

I am running on Windows 10 Pro.

When I run SQLCHECK, it opens a new window, generates a report, and immediately closes the window. There is no way to view the output.

If I attempt to redirect the output using "sqlcheck > sqlcheck.log", then it creates an empty file.

Add a return code to facilitate command line calls from batch loops

Create a SQLTrace.log file in the output folder and write any console output to it.
Write-Message will be the base method.
It will add a timestamp to the message and also accept a fore-color and back-color.
Write-Info will write default colors.
Write-Warning will write Yellow foreground and black background.
Write-Error will write Red foreground and black background.
Colors to be stored in global variables, so they can be modified if needed, or loaded from the INI file.

Specifically:

        reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA\NegoExtender\Parameters /v InfoLevel /f  2>&1 
        reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA\Pku2u\Parameters /v InfoLevel /f  2>&1
        reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA /v LspDbgInfoLevel /f  2>&1
        reg delete HKLM\SYSTEM\CurrentControlSet\Control\LSA /v LspDbgTraceOptions /f  2>&1

Keys are not found. Do we create them?
Need to investigate or just eat the exceptions - or log them better - see previous issue.

Auth traces use a loop to set providers for LOGMAN. Can this technique be adopted for BID traces?

        logman start "Kerberos" -o .\Auth\Kerberos.etl -ets

        ForEach($KerberosProvider in $Kerberos)
        {
            # Update Logman Kerberos
            $KerberosParams = $KerberosProvider.Split('!')
            $KerberosSingleTraceGUID = $KerberosParams[0]
            $KerberosSingleTraceFlags = $KerberosParams[1]    
            logman update trace "Kerberos" -p `"$KerberosSingleTraceGUID`" $KerberosSingleTraceFlags 0xff -ets | Out-Null
        }

Can we add a column to the Cipher Suite section, probably for both Registry list and Policy list, that indicates which SSL/TLS versions a detected Cipher Suite can be used with?

Updating SQLCheck for latest supportability state for SQL Native Client 11. (out of support)

First, thank you for providing this tool.

I made a small modification to the tool and on our systems it shows better results. In WriteBlobTest I changed the size to 100K from 16K which I think is more representative of a Large Binary Object and I also randomize the bytes. If you create a byte array, the array will contain all 0 which compresses very well and may hide performance issues especially if compression is turned on in the database.

    public void  WriteBlobTest(out double myBlobWrite)
    {
        const int size = 100 * 1024; // 100K was 16K
        byte[] numArray1 = new byte[size]; //crate byte array
        var random = new Random();
        random.NextBytes(numArray1); // randomize the array so compression doesn't come into play

Can we start zipping tools without saving folder information in the zip file? Customers and, worse, Engineers do not understand that unzipping to something like this:

C:\SQLTrace

Means they need to be in this instead:

C:\SQLTrace\SQLTrace

If possible, can we pull certificate chain information, if we determine a "real" certificate is being used?

I see three options:

1. Self-generated certificate, which requires no further check
2. Self-signed certificate, perhaps we can check if this exists in both personal and trusted root
3. A "real" cert issued by some certificate authority, in which case we can possibly check and list the certificate chain or an error indicating there is no valid chain, as many errors indicate.

This is something I would be willing to investigate in the new year, assuming other duties don't keep me from helping here.

Powershell script to remap older SQL oledb drivers to latest version.

It would be nice if this code used proper patterns for creating/disposing SqlConnections and SqlCommands.

Can we update SQLCheck to see if TLS 1.3 Registry keys exist and call out a warning if the operating system doesn't support TLS 1.3?

Tested on SQL 2022 Developer CU 3

--from the log
Always-On Servers: WIN22SQL22N2, WIN22SQL22N1
Always-On Listeners: AGDB2022
Availability Groups: AGDB2022, ContainedAG

--from the DMVs
ag_name ag_listeiner_dns_name agl_port agl_config_string
AGDB2022 AGDB2022 1433 ('IP Address: 15.0.0.113')
ContainedAG ContainedAG 1434 ('IP Address: 15.0.0.114')

AGDB2022 is a regular AG
ContainedAG as the name suggests is a contained AG

Possible cause is that the port for the listener is 1434. (?)

Logging is enabled for status messages.
However, commands issue messages to the console that are (a) not timestamped, (b) no distinguishing between normal and error text, and (c) not logged to the trace log file.

Please pull the Event Log collection out of the Auth trace section and capture them all the time.

Detect last time system was rebooted.

Currently output is displayed to the screen and requires redirection to get it to file.
Customers are not always familiar with redirection and automatically creating the log file will save time.

StopAfter takes an integer parameter.

In start trace, after all the commands are finished, instead of terminating, go into a loop and sleep for 10 seconds and then check the timer. Once the timer expires, call the stop trace routine.

The SQL drivers do not log DNS calls. Logging the DNS event provider 1c95126e-7eea-49a9-a3fe-a378b03ddb4d can fill in the gap. It can be filtered by process and thread ID. Changes to the SQLBIDAnalyzer may have to be made to interleave this in the BID reports.

Write the tasklist to a file when starting and stopping the trace

1. Export to .txt and .evtx, so we can read events even if we do not have the facility installed.
2. Truncate the event logs to the last 24 hours ... or just to the duration of the trace (can log start DateTime in Environment variable).